article

Free access

Statistical database design

Authors:

Francis Y. Chin,

Gultekin OzsoyogluAuthors Info & Claims

ACM Transactions on Database Systems (TODS), Volume 6, Issue 1

Pages 113 - 139

https://doi.org/10.1145/319540.319558

Published: 01 March 1981 Publication History

Abstract

The security problem of a statistical database is to limit the use of the database so that no sequence of statistical queries is sufficient to deduce confidential or private information. In this paper it is suggested that the problem be investigated at the conceptual data model level. The design of a statistical database should utilize a statistical security management facility to enforce the security constraints at the conceptual model level. Information revealed to users is well defined in the sense that it can at most be reduced to nondecomposable information involving a group of individuals. In addition, the design also takes into consideration means of storing the query information for auditing purposes, changes in the database, users' knowledge, and some security measures.

References

[1]

ACHUGBUE, J.D., AND CHIN, F.Y. The effectiveness of output modification by rounding for protection of statistical databases. INFOR 17, 3 (1979), 209-218.

[2]

AHO, A.V., HOPCROFT, J.E., AND ULLMAN, J.D. The Design and Analysis of Computer Algorithms. Addison-Wesley, Reading, Mass., 1976.

Digital Library

[3]

C~EN, P.P-S. The entity-relationship model--Toward a unified view of data. A CM Trans. Database Syst. i, 1 (March 1976), 1-36.

Digital Library

[4]

CHIN, F.Y. Security in statistical databases for queries with small counts. ACM Trans. Database Syst. 3, 1 (March 1978), 92-104.

Digital Library

[5]

CHIN, F.Y., AND OZSOYOGLU, G. Security in partitioned dynamic statistical databases. Proc. IEEE COMPSAC Conf., 1979, pp. 594-601.

[6]

CHIN, F.Y., AND OZSOYOGLU, G. Security of statistical databases. Dep. Computing Science, Univ. Alberta, Edmonton, Alberta, Canada, 1979.

[7]

COD}), E.F. A relational model of data for large shared data banks. Commun. ACM 13, 6 (June 1970), 377-387.

Digital Library

[8]

CODD, E.F. Recent investigations in relational database systems. Information Processing 74, North-Holland Pub. Co., Amsterdam, 1974, pp. 1017-1021.

[9]

CODD, E.F. Extending the database relational model to capture more meaning. ACM Trans. Database Syst. 4, 4 (Dec. 1979), 397-434.

Digital Library

[10]

DAVIDA, G., AND ROCHELEAU, R. Compromising a database using MEAN queries of variable length. TR-CS-77-2, Univ. Wisconsin, Milwaukee, Wisc., 1976.

[11]

DEMILLO, R.A., AND DOBKIN, D. Recent progress in secure computation. IEEE 2nd int. Conf. Computer Software and Applications, 1978.

[12]

DEMILLO, R., DOBI~N, D., AND LIPTON, R.J. Even databases that lie can be compromised. IEEE Trans Soflw. Eng. SE-4, 1 (1978), 73-75.

Digital Library

[13]

DENNING, D.E. Are statistical databases secure? Tech. Rep., Computer Sciences Dep., Purdue Univ., W. Lafayette, Ind., 1977.

[14]

DENNING, D.E. Secure statistical databases with random sample queries. Computer Sciences Dep., Purdue Univ., W. Lafayette, Ind., 1979.

[15]

DENNING, D.E., DENNING, P.J., AND SCHWARTZ, M.D. The tracker: A threat to statistical database security. ACM Trans. Database Syst. 4, 1 (March 1979), 76-96.

Digital Library

[16]

DOBKIN, D., JONES, A.K., AND LIPTON, R.J. Secure databases: Protection against user inference. ACM Trans. Database Syst. 4, 1 (March 1979), 97-106.

Digital Library

[17]

DOBKIN, D., LIPTON, R.J., AND REISS, S.P. Aspects of the database security problem. Proc. Conf. Theoretical Computer Science, Waterloo, Canada, 1977.

[18]

FELLEGI, I.P., AND PHILLIPS, J.L. Statistical confidentiality: Some theory and applications to data dissemination. Ann. Econ. Soc. Meas. 3, 2 {1972), 399-409.

[19]

HAMMER, M.M., AND McLEOD, D.J. Semantic integrity in a relational database system. Proc. Very Large Databases, 1975, pp. 25-47.

[20]

HANSEN, M.H. Insuring confidentiality of individual records in data storage and retrieval for statistical purposes. Proc. AFIPS I971 FJCC, vol. 39, AFIPS Press, Arlington, Va., pp. 579-585.

Digital Library

[21]

HOFFMAN, L.J. Modern Methods for Computer Security and Privacy. Prentice-Hall, Englewood Cliffs, N.J., 1977.

[22]

HOFFMAN, L.J., AND MILLER, W.F. Getting a personel dossier from a statistical data bank. Datamation 16, 5 (May 1970), 74-75.

[23]

KAM, J.B., AND ULLYIAN, J.D. A model of statistical databases and their security. ACM Trans. Database Syst. 2, 1 (March 1977), 1-10.

Digital Library

[24]

KERSCHBERG, L., KLU6, A., AND TSICHRITZIS, D. A taxonomy of data models. Proc. Very Large Databases, 1976, pp. 43-63.

Digital Library

[25]

NISSSEN, G.M. (ED.) IFIP Working Conf. Modelling in Data Base Management Systems, Proceedings, North-Holland, 1976.

[26]

OZSOYOGLU, G., AND CHIN, F.Y. Enhancing the security of statistical databases with a questionanswering system and a kernel design. Tech. Rep., Dep. Computing Science, Univ. Alberta, Edmonton, Alberta, Canada, 1979.

[27]

REISS, S.P. Security in databases: A combinatorial study. J. ACM 26, 1 (Jan. 1979), 45-57.

Digital Library

[28]

SchlSrer, J. Identification and retrieval of personnel records from a statistical data bank. Methods Inf. in Med. 14, 1 {Jan. 1975), 7-13.

[29]

SCHLt}RER, J. Confidentiality of statistical records: A threat monitoring scheme for on-line dialogue. Methods Inf. in Med. 15, 1 (Jan. 1976), 36-42.

[30]

SCHLt}aER, J. Union tracker and open statistical databases. Rep. TB-IMSD 1/78, Inst. Medizinische Statistik und Dokumentation, Univ. Giessen, Giessen, W. Germany, June 1978.

[31]

SCHWARTZ, M.D., DENNING, D.E., AND DENNING, P.J. Linear queries in statistical databases. CSD-TR-216, Computer Sciences Dep., Purdue Univ., W. Lafayette, Ind., 1976.

[32]

SMITH, J.M., AND SMITH, D.C.P. Database abstractions: Aggregation. Commun. A CM 20, 6 (June 1977), 405-413.

Digital Library

[33]

SMITH, J.M., AND S~ITH, D.C.P. Database abstractions: Aggregation and generalization. ACM Trans. Database Syst. 2, 2 (June 1977), 195-133.

Digital Library

[34]

PRIVACY ACT OF 1974. Title 5, United States Code, Section 552a (Public Law 93-579), 1974.

[35]

Yu, C.T., AND CXIN, F.Y. A study on the protection of statistical data bases. Proc. A CM SIGMOD Int. Conf. Management of Data, Toronto, Canada, I977, pp. 169-181.

Digital Library

Cited By

Hou JLi XJung TWang YZheng D(2018)CASTLE: Enhancing the Utility of Inequality Query Auditing Without Denial ThreatsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2018.279780213:7(1656-1669)Online publication date: Jul-2018
https://doi.org/10.1109/TIFS.2018.2797802
(2015)Statistical Database Auditing Without Query Denial ThreatINFORMS Journal on Computing10.5555/2736028.273603027:1(20-34)Online publication date: 1-Feb-2015
https://dl.acm.org/doi/10.5555/2736028.2736030
(2015)Statistical Database Auditing Without Query Denial ThreatINFORMS Journal on Computing10.5555/2735998.273600027:1(20-34)Online publication date: 1-Feb-2015
https://dl.acm.org/doi/10.5555/2735998.2736000
Show More Cited By

Index Terms

Statistical database design
1. Applied computing
  1. Physical sciences and engineering
    1. Mathematics and statistics
2. Information systems
  1. Information systems applications
    1. Decision support systems
      1. Data analytics

Recommendations

A security machanism for statistical database

The problem of user inference in statistical databases is discussed and illustrated with several examples. It is assumed that the database allows “total,” “average,” “count,” and “percentile” queries; a query may refer to any arbitrary subset of the ...
Security of statistical databases: multidimensional transformation

The concept of multidimensional transformation of statistical databases is described. A given set of statistical output may be compatible with more than one statistical database. A transformed database D' is a database which (1) differs from the ...
Incorporating NoSQL into a database course

This article introduces the concepts of Big Data and NoSQL and describes a semester long web-based project that uses both a relational database (Oracle 11g) and a NoSQL (MongoDB) database for an undergraduate database course. The relational database ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Database Systems

ACM Transactions on Database Systems Volume 6, Issue 1

March 1981

211 pages

ISSN:0362-5915

EISSN:1557-4644

DOI:10.1145/319540

Editor:
David K. Hsiao
Ohio State Univ., Columbus

Issue’s Table of Contents

Copyright © 1981 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 March 1981

Published in TODS Volume 6, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

65
Total Citations
View Citations
1,355
Total Downloads

Downloads (Last 12 months)144
Downloads (Last 6 weeks)20

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Hou JLi XJung TWang YZheng D(2018)CASTLE: Enhancing the Utility of Inequality Query Auditing Without Denial ThreatsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2018.279780213:7(1656-1669)Online publication date: Jul-2018
https://doi.org/10.1109/TIFS.2018.2797802
(2015)Statistical Database Auditing Without Query Denial ThreatINFORMS Journal on Computing10.5555/2736028.273603027:1(20-34)Online publication date: 1-Feb-2015
https://dl.acm.org/doi/10.5555/2736028.2736030
(2015)Statistical Database Auditing Without Query Denial ThreatINFORMS Journal on Computing10.5555/2735998.273600027:1(20-34)Online publication date: 1-Feb-2015
https://dl.acm.org/doi/10.5555/2735998.2736000
(2015)Statistical Database Auditing Without Query Denial ThreatINFORMS Journal on Computing10.5555/2725966.272596827:1(20-34)Online publication date: 1-Feb-2015
https://dl.acm.org/doi/10.5555/2725966.2725968
(2015)Statistical Database Auditing Without Query Denial ThreatINFORMS Journal on Computing10.5555/2725954.272595627:1(20-34)Online publication date: 1-Feb-2015
https://dl.acm.org/doi/10.5555/2725954.2725956
(2015)Statistical Database Auditing Without Query Denial ThreatINFORMS Journal on Computing10.5555/2700896.270089827:1(20-34)Online publication date: 1-Feb-2015
https://dl.acm.org/doi/10.5555/2700896.2700898
Lu HVaidya JAtluri VLi Y(2015)Statistical Database Auditing Without Query Denial ThreatINFORMS Journal on Computing10.1287/ijoc.2014.060727:1(20-34)Online publication date: Feb-2015
https://doi.org/10.1287/ijoc.2014.0607
(2014)Statistical Database Auditing Without Query Denial ThreatINFORMS Journal on Computing10.5555/2700137.2700138(1-15)Online publication date: 1-Sep-2014
https://dl.acm.org/doi/10.5555/2700137.2700138
Ran MXia M(2014)Construction and Implementation of the Network Teaching System of Mechanical Design Basic Course Based on WebAdvanced Materials Research10.4028/www.scientific.net/AMR.989-994.5341989-994(5341-5344)Online publication date: Jul-2014
https://doi.org/10.4028/www.scientific.net/AMR.989-994.5341
Kenthapadi KMishra NNissim K(2013)Denials leak informationJournal of Computer and System Sciences10.1016/j.jcss.2013.06.00479:8(1322-1340)Online publication date: 1-Dec-2013
https://dl.acm.org/doi/10.1016/j.jcss.2013.06.004
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents